• 한국항행학회논문지
• /
• 제14권5호
• /
• pp.725-736
• /
• 2010

최근에는 웹을 통한 서비스 증가와 더불어 이와 관련된 공격이 증가하고 있다. 또한, 웹 공격 형태는 공격을 성공시키기 위하여 여러 가지 공격을 사용하는 방법을 시도하고 있다. 이와 같이 웹 공격 방법이 다양화 되고 있는 추세이지만, 웹 공격을 방어하기 위한 방법에 관한 연구는 미비하다. 따라서 웹 어플리케이션을 보호하기 위해 웹 공격을 분류하고 이를 통하여 웹 공격의 특성을 파악할 필요가 있다. 본 논문에서는, 현재 웹 어플리케이션에서 수행되는 웹 공격의 특성을 파악하고, 이를 효과적으로 표현하는 방법을 제안한다. 공격이 가능한 웹 공격 시나리오를 다양하게 생성하여, 제안하는 표현 방법을 검증한다.

• International Journal of Computer Science & Network Security
• /
• 제24권1호
• /
• pp.52-60
• /
• 2024

APT (Advanced Persistent Threat) attack is a dangerous, targeted attack form with clear targets. APT attack campaigns have huge consequences. Therefore, the problem of researching and developing the APT attack detection solution is very urgent and necessary nowadays. On the other hand, no matter how advanced the APT attack, it has clear processes and lifecycles. Taking advantage of this point, security experts recommend that could develop APT attack detection solutions for each of their life cycles and processes. In APT attacks, hackers often use phishing techniques to perform attacks and steal data. If this attack and phishing phase is detected, the entire APT attack campaign will be crash. Therefore, it is necessary to research and deploy technology and solutions that could detect early the APT attack when it is in the stages of attacking and stealing data. This paper proposes an APT attack detection framework based on the Network traffic analysis technique using open-source tools and deep learning models. This research focuses on analyzing Network traffic into different components, then finds ways to extract abnormal behaviors on those components, and finally uses deep learning algorithms to classify Network traffic based on the extracted abnormal behaviors. The abnormal behavior analysis process is presented in detail in section III.A of the paper. The APT attack detection method based on Network traffic is presented in section III.B of this paper. Finally, the experimental process of the proposal is performed in section IV of the paper.

• 디지털산업정보학회논문지
• /
• 제16권1호
• /
• pp.67-78
• /
• 2020

Typical security solutions such as intrusion detection system are not suitable for detecting advanced persistent attack(APT), because they cannot draw the big picture from trivial events of security solutions. Researches on techniques for detecting multiple stage attacks by analyzing the correlations between security events or alerts are being actively conducted in academic field. However, these studies still use events from existing security system, and there is insufficient research on the structure of the entire security system suitable for advanced persistent attacks. In this paper, we propose an attack path and intention recognition system suitable for multiple stage attacks like advanced persistent attack detection. The proposed system defines the trace format and overall structure of the system that detects APT attacks based on the correlation and behavior analysis, and is designed with a structure of detection system using deep learning and big data technology, etc.

• Proceedings of the National Institute of Ecology of the Republic of Korea
• /
• 제3권1호
• /
• pp.47-53
• /
• 2022

The escape behavior of prey fish to predator attack is directly linked to the survival of the fish. In this study, I explored the escape behavior of Medaka fish to bird attacks. To simulate the attack, I designed a model triangular-shaped bird to slide along a fishing line connected between rods at both ends of the tank. The triangular shape was set to 10×15 (S=1), 15×20 (S=2), and 20×25 cm (S=3) with base×height. The slope (θ) of the fishing line, which determines the attack speed of the model bird, was set to values of 15° (θ=1), 30° (θ=2), and 45° (θ=3). The escape behavior was characterized using five variables: escape speed (ν), escape acceleration (α), responsiveness (γ), branch length similarity entropy (ε), and alignment (ϕ). The experimental results showed when (S, θ)=(fixed, varied), the change in values of the five variables were not significant. Thus, the fish respond more sensitively to S than to θ In contrast, when (S, θ)=(varied, fixed), ν, α, and γ showed increasing trends but ε and ϕ did not change much. This indicates the nature of fish escape behavior irrespective of the threat is inherent in ε and ϕ. I found that fish escape behavior can be divided into two types for the five physical quantities. In particular, the analysis showed that the type was mainly determined by the size of the model bird.

• 정보과학회 논문지
• /
• 제41권12호
• /
• pp.1035-1049
• /
• 2014

본 논문은 행위 온톨로지(Behavior Ontology)의 개념을 기반으로 한 보안-중심 시스템 안의 공격 패턴을 감지하기 위한 방법을 제안한다. 일반적으로 보안-중심 시스템들은 매우 규모가 크고 복잡하며, 가능한 모든 방법으로 공격자에 의해 공격된다. 그러므로, 공격 감지를 위한 몇 가지의 구조적 방법을 통해 다양한 공격들을 감지하는 것은 매우 복잡하다. 본 논문은 행위 온톨로지를 통하여 이러한 문제를 극복한다. 시스템 안의 공격의 패턴들은 시스템의 클래스 온톨로지에서 정의된 행동(Action)들을 순서에 따라 나열함으로써 정의된다. 공격 패턴이 행동들의 순서로 정의됨으로써 격자와 같이 포함관계를 기반으로 한 계층적인 순서로 추상화될 수 있다. 공격 패턴을 위한 행위 온톨로지가 정의되면, 대상 시스템 안의 공격들은 온톨로지의 구조 안에서 의미적이고 계층적으로 감지될 수 있다. 다른 공격 분석 모델들과 비교해보면, 본 논문에서의 행위 온톨로지를 통한 분석은 시간과 공간적으로 매우 효율적이고 효과적인 방법이다.

• 한국콘크리트학회:학술대회논문집
• /
• 한국콘크리트학회 2006년도 춘계 학술발표회 논문집(II)
• /
• pp.209-212
• /
• 2006

Until now, sulfate attack is not completely understood. The purpose of this study is to provide a fundamental data to understand deterioration mechanism by sulfate attack. Chemical processes for products formed by sulfate attack were explained in this study. ASTM C1012 test and microstructural observations such as XRD and BSE analysis were carried out to manifest behavior and role of the products formed during sulfate attack. Regarding the dominant causes of sulfate attack, the main deterioration modes could be divided into 3 types; (1) expansive type, (2) onion-peeling type, and (3) acidic type.

• International Journal of Computer Science & Network Security
• /
• 제21권6호
• /
• pp.17-22
• /
• 2021

The attack trend on end-users via mobile devices is increasing in both the danger level and the number of attacks. Especially, mobile devices using the Android operating system are being recognized as increasingly being exploited and attacked strongly. In addition, one of the recent attack methods on the Android operating system is to take advantage of Android Package Kit (APK) files. Therefore, the problem of early detecting and warning attacks on mobile devices using the Android operating system through the APK file is very necessary today. This paper proposes to use the method of analyzing abnormal behavior of APK files and use it as a basis to conclude about signs of malware attacking the Android operating system. In order to achieve this purpose, we propose 2 main tasks: i) analyzing and extracting abnormal behavior of APK files; ii) detecting malware in APK files based on behavior analysis techniques using machine learning or deep learning algorithms. The difference between our research and other related studies is that instead of focusing on analyzing and extracting typical features of APK files, we will try to analyze and enumerate all the features of the APK file as the basis for classifying malicious APK files and clean APK files.

• 한국방재학회:학술대회논문집
• /
• 한국방재학회 2009년도 정기 학술발표대회
• /
• pp.101.2-101.2
• /
• 2009

• 디지털산업정보학회논문지
• /
• 제10권1호
• /
• pp.81-87
• /
• 2014

Password-based authentication using smart card provides two factor authentications, namely a successful login requires the client to have a valid smart card and a correct password. While it provides stronger security guarantees than only password authentication, it could also fail if both authentication factors are compromised ((1) the user's smart card was stolen and (2) the user's password was exposed). In this case, there is no way to prevent the adversary from impersonating the user. Now, the new technology of biometrics is becoming a popular method for designing a more secure authentication scheme. In terms of physiological and behavior human characteristics, biometric information is used as a form of authentication factor. Biometric information, such as fingerprints, faces, voice, irises, hand geometry, and palmprints can be used to verify their identities. In this article, we review the biometric-based authentication scheme by Cheng et al. and provide a security analysis on the scheme. Our analysis shows that Cheng et al.'s scheme does not guarantee any kind of authentication, either server-to-user authentication or user-to-server authentication. The contribution of the current work is to demonstrate these by mounting two attacks, a server impersonation attack and a user impersonation attack, on Cheng et al.'s scheme. In addition, we propose the enhanced authentication scheme that eliminates the security vulnerabilities of Cheng et al.'s scheme.

• Nuclear Engineering and Technology
• /
• 제49권3호
• /
• pp.484-494
• /
• 2017

In industrial plants such as nuclear power plants, system operations are performed by embedded controllers orchestrated by Supervisory Control and Data Acquisition (SCADA) software. A targeted attack (also termed a control aware attack) on the controller/SCADA software can lead a control system to operate in an unsafe mode or sometimes to complete shutdown of the plant. Such malware attacks can result in tremendous cost to the organization for recovery, cleanup, and maintenance activity. SCADA systems in operational mode generate huge log files. These files are useful in analysis of the plant behavior and diagnostics during an ongoing attack. However, they are bulky and difficult for manual inspection. Data mining techniques such as least squares approximation and computational methods can be used in the analysis of logs and to take proactive actions when required. This paper explores methodologies and algorithms so as to develop an effective monitoring scheme against control aware cyber attacks. It also explains soft computation techniques such as the computational geometric method and least squares approximation that can be effective in monitor design. This paper provides insights into diagnostic monitoring of its effectiveness by attack simulations on a four-tank model and using computation techniques to diagnose it. Cyber security of instrumentation and control systems used in nuclear power plants is of paramount importance and hence could be a possible target of such applications.